<?
/*--------------------------
	file:	token.class
	intro:	令牌创建和验证类
--------------------------*/
/*if(!defined('MIDP')) {
	exit('Access Denied');
}*/
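/**
 * Form-token helper: emits a hidden "token" field and screens form posts
 * for repeated submissions and foreign referrers.
 *
 * NOTE(review): check() only compares the posted token against tokens that
 * were already submitted in this session. Nothing in this class verifies
 * that the token was issued by create(); whether makeHash() records the
 * value server-side is not visible from this file. As written, the class is
 * a duplicate-submission guard plus a Referer comparison, not a verification
 * of a server-issued anti-CSRF token.
 */
class Token{

	/**
	 * Build the hidden form field that carries a fresh token.
	 *
	 * @return string HTML <input> element named "token".
	 */
	public function create(){
		// makeHash() is defined elsewhere. Its output is escaped so the value
		// cannot break out of the attribute, whatever characters it contains.
		$value = htmlspecialchars((string) makeHash(), ENT_QUOTES, 'UTF-8');
		return '<input type=hidden name="token" value="'.$value.'" />';
	}

	/**
	 * Validate the token posted with the current request.
	 *
	 * Every accepted token is appended to $_SESSION['token'], so the same
	 * value is rejected on its second submission.
	 *
	 * NOTE(review): the missing-token result is the integer 1, which is
	 * truthy. A caller that tests the result loosely (`if ($t->check())`)
	 * treats a request with no token as valid; callers should compare with
	 * `=== true`. The value is kept for backward compatibility.
	 *
	 * @return bool|int 1 when no token was posted; false for a repeated or
	 *                  malformed token or a referrer that is missing or on
	 *                  another domain; true otherwise.
	 */
	public function check(){
		// Read defensively: the field may be absent from the request.
		$token = isset($_POST['token']) ? $_POST['token'] : null;

		// Missing, empty or "0" token (legacy error code T013).
		if(!$token){
			return 1;
		}

		// A field posted as token[]=... arrives as an array. Reject it rather
		// than storing a non-string value in the session.
		if(!is_string($token)){
			return false;
		}

		$seen = (isset($_SESSION['token']) && is_array($_SESSION['token']))
			? $_SESSION['token']
			: array();

		// Strict comparison: a loose in_array() treats numeric-looking strings
		// such as "1e3" and "1000" as equal and would report a false duplicate.
		if(in_array($token, $seen, true)){
			// Duplicate submission.
			return false;
		}

		// Record the token before the referrer check, as the original did, so
		// a token is consumed even when the request is rejected below.
		// NOTE(review): this list grows for the life of the session; consider
		// capping or expiring entries.
		$seen[] = $token;
		$_SESSION['token'] = $seen;

		// Referrer check. A request without a Host or Referer header is
		// rejected instead of being passed to getDomain() as null.
		$thisurl = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
		$referurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
		if($thisurl === '' || $referurl === ''){
			return false;
		}

		// Both headers are supplied by the client, and Referer is often
		// stripped by browsers and proxies, so this is a coarse filter only.
		// NOTE(review): getDomain() is defined elsewhere; if it returns the
		// same empty or false value for two unparseable inputs, this
		// comparison passes. Confirm its failure behaviour.
		if(getDomain($thisurl)!=getDomain($referurl)){
			// Submitted from an external link.
			return false;
		}
		return true;
	}
}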
?>